Illustration: Yazmin Monet Butcher
In 2014, I bought 25,000 dogecoin as a joke. By 2021, it was briefly worth over $17,000. Problem was, I couldn’t remember the password. Determined to get my coins back, I embarked on a journey that exposed me to online hackers, the mathematics behind passwords, and a lot of frustration.
Although most people don’t have thousands in forgotten cryptocurrency, everyone relies on passwords to manage their digital lives. And as more and more people buy crypto, how can they protect their assets? We talked to a host of experts to figure out how to create the best passwords for your digital accounts, and, if you have crypto, what your basic storage tradeoffs are. Let’s dive in.
How to Hack Your Own Crypto Wallet
There are a few common ways to lose crypto. You might have a wallet on a hard drive you throw away. Your exchange could get hacked. You might lose your password, or you might get personally hacked and have your coins stolen. For those who lose their password, as I did, hackers actually present a silver lining. If you still control your wallet, you can try to hack your own wallet—or find someone who will.
So I contacted Dave Bitcoin, an anonymous hacker famous for cracking crypto wallets. He agreed to help break into the wallet, for his standard 20 percent fee—paid only if he is successful. Dave and other hackers are mostly using brute force techniques. Basically, they’re just guessing passwords—a lot of them.
You can also try to hack your own wallet with apps like Pywallet or Jack the Ripper. But I didn’t want to do it myself, so I sent Dave a list of password possibilities and he got started.
After a little waiting, I received an email from Dave. “I tried over 100 billion passwords on your wallet,” Dave told me over email. I assumed such a mind-boggling amount of tries meant my coins were surely recovered, but alas, we had only scratched the surface. The password was not hacked, and my coins remained lost. But how?
The Math Behind Strong Passwords
Each new digit in a password makes it exponentially harder to crack. Consider a one-digit password that could be a letter or a number. If the password is case-sensitive, there are 52 letters plus 10 numerals. Not very secure. You could simply guess the password by trying 62 times. (A, a, B, b, C, c … and so on).
Now make it a two-digit password. It doesn’t get twice as hard to guess—it gets 62 times harder to guess. There are now 3884 possible passwords to guess (AA, Aa, AB, etc.) A six-digit password with the same rules has around 56 billion possible permutations, assuming we don’t use special characters. A 20-character password with those rules has 62-to-the-20th-power permutations: that is, 704,423,425,546,998,022,968,330,264,616,370,176 possible passwords. That makes 100 billion look pretty small in comparison.
This math was bad news for me, since I’m pretty sure I had some sort of long password, like a few lines of a song lyric. Talk about facing the music.
Password Best Practices
Whether it’s for your email or crypto wallet, how can you balance creating a strong password that’s also memorable? “Choosing passwords is tricky,” says Dave, “If you go out of your way to create an unusual password for your wallet that you wouldn’t typically use, then it makes it quite difficult for you to remember and for me to help.
It’s easier to guess your password if you use consistent patterns. Of course, this is bad for security, and someone who is trying to hack your accounts will have an easier time.” Balancing security with memorability is ultimately a tough task that will depend on the individual’s needs and preferences.
“All I can really suggest is to either record all your passwords on paper (and take the risk that it will be found), or use a password manager,” Dave says. Ironically, the digital age is now making pen and paper a preferred security method. Russia’s state security agency supposedly reverted to typewriters after the Snowden leaks.
Are Coins on Crypto Exchanges Safe?
Losing my password made me a pretty big fan of storing crypto on exchanges. After all, if you forget your Coinbase password, the process is simple. You reset your password, and likely submit identification to verify that you own the account. On the surface, storing on big exchanges seems pretty secure.
Coinbase says they keep “over 98 percent of deposits offline in secure cold storage facilities” in addition to having an “extensive insurance policy.” Thus, it should be difficult or impossible for cybercriminals to access most of the crypto Coinbase controls.
Gemini, another popular US-based exchange, prides itself on its seemingly extensive security measures. At the same time, if your exchange suffers a major hack or goes bankrupt, it could take years to recover your crypto, if you get it back at all. That’s why many analysts recommend users maintain control over their coins…..Continue reading
By:
Source: I Lost $17,000 in Crypto. Here’s How to Avoid My Mistake | WIRED
.
Related contents:
Marketing Programs You May Like: